This is an automated email from the git hooks/post-receive script.

gregoa pushed a commit to branch master
in repository libyaml-libyaml-perl.

commit b577019bbf0f8c3d1b6fca43a219663399bde21b
Author: gregor herrmann <gre...@debian.org>
Date:   Sun Feb 14 15:45:47 2016 +0100

    Drop a bunch of patches which all have been applied upstream.
---
 debian/patches/CVE-2014-2525.patch                 | 35 ---------
 debian/patches/CVE-2014-9130.patch                 | 26 -------
 debian/patches/fix_ftbfs_hardening_flags.diff      | 42 -----------
 ...gainst-overflows-in-indent-and-flow_level.patch | 86 ----------------------
 debian/patches/libyaml-string-overflow.patch       | 26 -------
 debian/patches/series                              |  5 --
 6 files changed, 220 deletions(-)

diff --git a/debian/patches/CVE-2014-2525.patch 
b/debian/patches/CVE-2014-2525.patch
deleted file mode 100644
index c0f3226..0000000
--- a/debian/patches/CVE-2014-2525.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Description: CVE-2014-2525: Heap overflow when parsing YAML tags
-  The heap overflow is caused by not properly expanding a string before
-  writing to it in function yaml_parser_scan_uri_escapes in scanner.c. 
-Origin: upstream
-Last-Update: 2014-03-23
-
---- a/LibYAML/scanner.c
-+++ b/LibYAML/scanner.c
-@@ -2629,6 +2629,9 @@
-         /* Check if it is a URI-escape sequence. */
- 
-         if (CHECK(parser->buffer, '%')) {
-+            if (!STRING_EXTEND(parser, string))
-+                goto error;
-+
-             if (!yaml_parser_scan_uri_escapes(parser,
-                         directive, start_mark, &string)) goto error;
-         }
---- a/LibYAML/yaml_private.h
-+++ b/LibYAML/yaml_private.h
-@@ -134,9 +134,12 @@
-      (string).start = (string).pointer = (string).end = 0)
- 
- #define STRING_EXTEND(context,string)                                         
  \
--    (((string).pointer+5 < (string).end)                                      
  \
-+    ((((string).pointer+5 < (string).end)                                     
  \
-         || yaml_string_extend(&(string).start,                                
  \
--            &(string).pointer, &(string).end))
-+            &(string).pointer, &(string).end)) ?                              
  \
-+         1 :                                                                  
  \
-+        ((context)->error = YAML_MEMORY_ERROR,                                
  \
-+         0))
- 
- #define CLEAR(context,string)                                                 
  \
-     ((string).pointer = (string).start,                                       
  \
diff --git a/debian/patches/CVE-2014-9130.patch 
b/debian/patches/CVE-2014-9130.patch
deleted file mode 100644
index 3528d7f..0000000
--- a/debian/patches/CVE-2014-9130.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Description: Remove invalid simple key assertion
- CVE-2014-9130: denial-of-service/application crash with untrusted
- yaml input
-Origin: upstream, 
https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
-Bug: 
https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
-Bug-Debian: https://bugs.debian.org/771365
-Forwarded: no
-Author: Salvatore Bonaccorso <car...@debian.org>
-Last-Update: 2014-11-29
-
---- a/LibYAML/scanner.c
-+++ b/LibYAML/scanner.c
-@@ -1106,13 +1106,6 @@ yaml_parser_save_simple_key(yaml_parser_
-             && parser->indent == (ptrdiff_t)parser->mark.column);
- 
-     /*
--     * A simple key is required only when it is the first token in the current
--     * line.  Therefore it is always allowed.  But we add a check anyway.
--     */
--
--    assert(parser->simple_key_allowed || !required);    /* Impossible. */
--
--    /*
-      * If the current position may start a simple key, save it.
-      */
- 
diff --git a/debian/patches/fix_ftbfs_hardening_flags.diff 
b/debian/patches/fix_ftbfs_hardening_flags.diff
deleted file mode 100644
index 1fab025..0000000
--- a/debian/patches/fix_ftbfs_hardening_flags.diff
+++ /dev/null
@@ -1,42 +0,0 @@
-Description: Fix ftbfs with hardening flags (CVE-2012-1152)
-Forwarded: https://rt.cpan.org/Ticket/Display.html?id=75365
-Author: Julián Moreno Patiño <darkju...@gmail.com>
-Last-Update: 2012-02-28
---- a/LibYAML/perl_libyaml.c
-+++ b/LibYAML/perl_libyaml.c
-@@ -188,7 +188,7 @@
-     return;
- 
- load_error:
--    croak(loader_error_msg(&loader, NULL));
-+    croak("%s", loader_error_msg(&loader, NULL));
- }
- 
- /*
-@@ -271,7 +271,7 @@
-     return return_sv;
- 
-     load_error:
--        croak(loader_error_msg(loader, NULL));
-+        croak("%s", loader_error_msg(loader, NULL));
- }
- 
- /*
-@@ -313,7 +313,7 @@
-         }
-         else if (strlen(tag) <= strlen(prefix) ||
-             ! strnEQ(tag, prefix, strlen(prefix))
--        ) croak(
-+        ) croak("%s",
-             loader_error_msg(loader, form("bad tag found for hash: '%s'", 
tag))
-         );
-         class = tag + strlen(prefix);
-@@ -346,7 +346,7 @@
-             prefix = "!";
-         else if (strlen(tag) <= strlen(prefix) ||
-             ! strnEQ(tag, prefix, strlen(prefix))
--        ) croak(
-+        ) croak("%s",
-             loader_error_msg(loader, form("bad tag found for array: '%s'", 
tag))
-         );
-         class = tag + strlen(prefix);
diff --git 
a/debian/patches/libyaml-guard-against-overflows-in-indent-and-flow_level.patch 
b/debian/patches/libyaml-guard-against-overflows-in-indent-and-flow_level.patch
deleted file mode 100644
index bdf7cb5..0000000
--- 
a/debian/patches/libyaml-guard-against-overflows-in-indent-and-flow_level.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-Description: Guard against overflows in indent and flow_level
-Origin: upstream, 
https://bitbucket.org/xi/libyaml/commits/f859ed1eb757a3562b98a28a8ce69274bfd4b3f2,
- 
https://bitbucket.org/xi/libyaml/commits/af3599437a87162554787c52d8b16eab553f537b
-Last-Update: 2014-02-10
-Applied-Upstream: 0.1.5
-
---- a/LibYAML/scanner.c
-+++ b/LibYAML/scanner.c
-@@ -615,11 +615,11 @@
-  */
- 
- static int
--yaml_parser_roll_indent(yaml_parser_t *parser, int column,
--        int number, yaml_token_type_t type, yaml_mark_t mark);
-+yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
-+        ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark);
- 
- static int
--yaml_parser_unroll_indent(yaml_parser_t *parser, int column);
-+yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column);
- 
- /*
-  * Token fetchers.
-@@ -1103,7 +1103,7 @@
-      */
- 
-     int required = (!parser->flow_level
--            && parser->indent == (int)parser->mark.column);
-+            && parser->indent == (ptrdiff_t)parser->mark.column);
- 
-     /*
-      * A simple key is required only when it is the first token in the current
-@@ -1176,6 +1176,11 @@
- 
-     /* Increase the flow level. */
- 
-+    if (parser->flow_level == INT_MAX) {
-+        parser->error = YAML_MEMORY_ERROR;
-+        return 0;
-+    }
-+
-     parser->flow_level++;
- 
-     return 1;
-@@ -1206,8 +1211,8 @@
-  */
- 
- static int
--yaml_parser_roll_indent(yaml_parser_t *parser, int column,
--        int number, yaml_token_type_t type, yaml_mark_t mark)
-+yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
-+        ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark)
- {
-     yaml_token_t token;
- 
-@@ -1226,6 +1231,11 @@
-         if (!PUSH(parser, parser->indents, parser->indent))
-             return 0;
- 
-+        if (column > INT_MAX) {
-+            parser->error = YAML_MEMORY_ERROR;
-+            return 0;
-+      }
-+
-         parser->indent = column;
- 
-         /* Create a token and insert it into the queue. */
-@@ -1254,7 +1264,7 @@
- 
- 
- static int
--yaml_parser_unroll_indent(yaml_parser_t *parser, int column)
-+yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column)
- {
-     yaml_token_t token;
- 
---- a/LibYAML/yaml_private.h
-+++ b/LibYAML/yaml_private.h
-@@ -8,6 +8,7 @@
- 
- #include <assert.h>
- #include <limits.h>
-+#include <stddef.h>
- 
- /*
-  * Memory management.
diff --git a/debian/patches/libyaml-string-overflow.patch 
b/debian/patches/libyaml-string-overflow.patch
deleted file mode 100644
index d0d14ff..0000000
--- a/debian/patches/libyaml-string-overflow.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Description: CVE-2013-6393: yaml_parser_scan_tag_uri: fix int overflow leading 
to buffer overflow
- This is a proposed patch from Florian Weimer <fwei...@redhat.com> for
- the string overflow issue. It has been ack'd by upstream.
-Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1033990
-Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1033990
-Last-Update: 2014-01-29
----
-# HG changeset patch
-# User Florian Weimer <fwei...@redhat.com>
-# Date 1389273500 -3600
-#      Thu Jan 09 14:18:20 2014 +0100
-# Node ID a54d7af707f25dc298a7be60fd152001d2b3035b
-# Parent  3e6507fa0c26d20c09f8f468f2bd04aa2fd1b5b5
-yaml_parser_scan_tag_uri: fix int overflow leading to buffer overflow
-
---- a/LibYAML/scanner.c
-+++ b/LibYAML/scanner.c
-@@ -2574,7 +2574,7 @@
- 
-     /* Resize the string to include the head. */
- 
--    while (string.end - string.start <= (int)length) {
-+    while ((size_t)(string.end - string.start) <= length) {
-         if (!yaml_string_extend(&string.start, &string.pointer, &string.end)) 
{
-             parser->error = YAML_MEMORY_ERROR;
-             goto error;
diff --git a/debian/patches/series b/debian/patches/series
index ae79641..daae630 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,7 +1,2 @@
-fix_ftbfs_hardening_flags.diff
 disable-update.sh.patch
-libyaml-string-overflow.patch
 libyaml-node-id-hardening.patch
-libyaml-guard-against-overflows-in-indent-and-flow_level.patch
-CVE-2014-2525.patch
-CVE-2014-9130.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-perl/packages/libyaml-libyaml-perl.git

_______________________________________________
Pkg-perl-cvs-commits mailing list
Pkg-perl-cvs-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits

Reply via email to